[izacus]

I think that when we walk about security (and privacy!) the question that needs to be asked together is "against who?".

Yes, phones have stronger security requirements, but why are they being secured against people using them? :)

[Firmwarrior]

I agree with the sentiment here, but it's worth pointing out that most AAA games now come with an incredibly invasive anti-cheat suite that violates your computer's security and thoroughly violates your privacy. That's precisely because they're allowed to by the OS

If phones were more open, we'd be free to mod our own games and back up our own save files, but we'd have to live with every random crap app we download being able to take over the whole machine permanently any time.

[yjftsjthsd-h]

> If phones were more open, we'd be free to mod our own games and back up our own save files, but we'd have to live with every random crap app we download being able to take over the whole machine permanently any time.

It's possible to give the user full control and the ability to give apps more permissions, while still sandboxing apps by default. Consider, for example, flatpak, which can make the host filesystem totally invisible to apps but also allows the user to pass in files via the file picker or to totally expose paths by overriding its filesystem context.

[Firmwarrior]

Yeah, that's true

To be fair, even Android apps are reasonably locked down while still making it possible to install a proscribed emulator or Firefox or whatever

[JohnFen]

> it's worth pointing out that most AAA games now come with an incredibly invasive anti-cheat suite that violates your computer's security and thoroughly violates your privacy.

Which is why I stopped playing AAA games. I'm fine with avoiding them and having a machine I can actually control.

[jamespo]

How does that work re: the Steamdeck which is running Linux or other game consoles?

[smileybarry]

Anticheat-protected games just don’t work on Steam Deck (usually just refusing to connect).

A few anticheat engines support specifically Steam Deck after working with Valve, but even then each individual game developer has to opt into it. (For example: Destiny 2 uses EasyAntiCheat which is Deck-compatible but Bungie still refuse to whitelist it on Deck/Steam OS, and warn you may get banned if you try to sidestep the block)

Modern DRMs like Denuvo actually do tend to work in Proton/Wine (aka Steam OS’s compatibility layer) because they’re a wrapper around the game instead of a driver/debugger+game setup.

[izacus]

Many games with those invasive rootkit DRMs simply don't work.

Some publishers actually did remove the DRM just for the Deck version proving that DRM maybe isn't all that necessary when there's a will and manufacturer that doesn't bow down to ridiculous requirements :)

[kaba0]

Phones are the only popular end user device that has any sort of protection worth its salt. Against who? Against easily downloadable malware that can trivially execute as the user, effectively doing anything beside installing a video card driver. Can trivially log key presses, read any screen, download/upload to the internet, read your .ssh folder, browser cache, or encrypt your family photos without a second thought.

Mac is a bit ahead of the other two, but gnu/linux (as opposed to “android linux”) is just insanely unsecure.

[JohnFen]

> but gnu/linux (as opposed to “android linux”) is just insanely unsecure.

This isn't a property of GNU/Linux. It is very possible to have a highly secure Linux setup. That's not the way most distros operate, though, because highly secure setups tend to be user-hostile (which is the essential conundrum being talked about here, really).

[enos_feedler]

Because when you sell to a billion people it turns out that some of them need to be secured against the people using them. It only matters that this fraction is non-negligible, not some significant level to be a problem. And, you can't bless the other set with special privileges because those very pathways will be used against the set that needs protection against themselves.

[j-bos]

> Protection against themselves

Are these not adults? If not, is it the responsibilty of manufacturers to limit them, or the responsibility of their caretakers?

[soiler]

First of all, no, they're not adults. Kids can have phones, too.

Second, that's an extremely weak argument and I question if it's being made in good faith. But in case you are: the responsibility is on the manufacturer to make a safe product. That's why we have regulations on consumer product safety. You can't sell certain dangerous chemicals. You can't sell plastics with BPAs in them. Et cetera.

The consumer, when they have the product, also has their own responsibility to look out for their own safety. But that doesn't make it ok to give them something dangerous, especially if it's something that contains dangers most people don't even understand or know about, like malware. (Most people are "aware" of malware, but they have no idea how it works or how to protect themselves from it.)

[j-bos]

It's good faith, thanks for responding. :) I'm often challenged by these questions because the arguments often become questions of what's the best analog, which feels like it could be unreliable. I get your point about keeping chemicals out of our stuff, but that doesn't feel analagous to control over my device.

Keeping it in the kitchen, I'd say it's more like an Instant Pot that only lets you cook with Instant Pot Approved Recipe Packs. That way you'll never have food poisoning, or so says the marketing, and that's legit great novices! But if that's the only imduction cookpot available, something feels very off.

As for kids, parents are responsible for their use of stoves, cars, knives, etc. All are safe, until misused. I guess I'd like a clear line for where things are nerfed. And admit I might disagree with said line.

[soiler]

Hm, FWIW, I'm more on your side than not - I don't want to be locked out of customizing my devices. That's why I have GrapheneOS on my phone, and I think phone manufacturers may have gone too far in the overprotective side. I was only arguing that the correct path is somewhere in the middle, not a total abdication of responsibility by the manufacturer.

[enos_feedler]

It is the responsibility of you to find an alternative product if you don't like the limits put in place by the company doing this. It is a free market.

[dkonofalski]

>why are they being secured against people using them?

They're not. They're being secured against malicious actors who can convince grandma to install a rootkit or bitcoin miner on her PC.

[JohnFen]

In other words, they're being secured against the people using them.

[dkonofalski]

Get back to me when you find someone who was taken by this method that thinks it was used against them...

[8note]

My phone secured against whoever picks it up when I lose it or it gets stolen.

Unfortunately, that makes it less convenient and powerful for me to use, but I mostly don't need the power

[claytongulick]

Because sometimes the people using them are thieves that have stolen the phone, or blackhats that are actively trying to gain access to your bank account.